145 Android Apps With Windows Malware Taken Down From Google Play: Report

The apps are harmful only when their APK files are unpacked on a Windows machine.

Highlights

The development was reported by Palo Alto Networks

Most of the apps were first released more than 6 months back

The apps apparently do not harm the Android operating system

Several apps on Google Play were found to sport a new malware aimed at harming Windows machines. A report from earlier this week suggests that a total of 145 Android apps have been affected, most of which were first released in October and November last year. Google has since taken down the listed apps, however the countermeasure comes more than 6 months after release. The infected apps include names like Learn to Draw clothing, Modification Trail, and Gymnastics Training Tutorial. Notably, the malware in these apps cannot cause any harm to the Android mobile operating system.

The researchers over at Palo Alto Networks found out about these infected Android apps and reported them to Google, after which all apps have been taken down from Google Play. The interesting aspect of these apps is that they have malicious Windows executable files, which means that they do not pose any threat to Android devices as such. The files can only be run on Windows-powered machines. A reason behind this malware could be that the developers are creating software on "compromised Windows systems that are infected with malware".

This has also been ascertained by the fact that the same developers offer both infected and non-infected apps on Google Play. This could be due to different development environments used by the same developer. The Palo Alto Networks report states that several of these infected apps have more than 1,000 installations each as well as 4-star ratings.

"Among these infected apps, one APK file may contain multiple malicious PE files at different locations, with different file names. However, there are mainly two PE files embedded across all of the infected apps," the report explains.

There is a chance of potential damage only if the APK file of any infected app is unpacked on a Windows machine and the above-mentioned PE files are executed on the PC. However, the situation might get worse if the developers somehow issue malicious files runnable on Android.

Back in March last year, a similar malware that had the ability to cause harm to Windows machines struck around 132 Android apps on Google Play. Most of the infected apps originated from Indonesia. Incidentally, this discovery was also made by the folks over at Palo Alto Networks.